After developing and testing in the local environment, the next step is deploying Slothub to AWS for production. The architecture follows a serverless container model built on Amazon ECS with Fargate, which provides auto-scaling while minimizing infrastructure management overhead.
```
┌─────────────┐
│  Route 53   │ ← DNS / domain routing
└──────┬──────┘
       │
┌──────▼──────┐
│   AWS WAF   │ ← Web protection
└──────┬──────┘
       │
       ├───────────────────────┐
       │                       │
┌──────▼──────┐         ┌──────▼──────┐
│   Amplify   │         │     ALB     │
│ (Frontend)  │         │ (Load Bal.) │
└─────────────┘         └──────┬──────┘
                               │
                ┌──────────────┴──────────────┐
                │                             │
         ┌──────▼──────┐               ┌──────▼──────┐
         │   Fargate   │               │   Fargate   │
         │  (Backend)  │               │  (AI Svc)   │
         └──────┬──────┘               └──────┬──────┘
                │                             │
                └──────────────┬──────────────┘
                               │
                  ┌────────────▼────────────┐
                  │     RDS PostgreSQL      │
                  │       (Multi-AZ)        │
                  └─────────────────────────┘
```
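The Fargate side of this diagram starts from an ECS cluster. As a minimal sketch, the cluster can be created with the AWS CLI (the name `slothub-cluster` matches the deploy workflow later in this section; enabling Container Insights is optional but feeds the CloudWatch metrics discussed below):

```bash
# Create the ECS cluster that will run the Fargate tasks;
# Container Insights enables per-service CloudWatch metrics
aws ecs create-cluster \
  --cluster-name slothub-cluster \
  --settings name=containerInsights,value=enabled \
  --region ap-southeast-1
```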
Each microservice is packaged as a Docker image and pushed to Amazon ECR (Elastic Container Registry):
```dockerfile
# backend/Dockerfile — multi-stage build: compile with the JDK, run on the slim JRE
FROM eclipse-temurin:17-jdk-alpine AS builder
WORKDIR /app
# Copy the Maven wrapper and pom first so the dependency layer is cached
COPY pom.xml mvnw ./
COPY .mvn .mvn
RUN chmod +x mvnw && ./mvnw dependency:resolve
COPY src src
RUN ./mvnw package -DskipTests

FROM eclipse-temurin:17-jre-alpine
WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
```
```dockerfile
# ai-service/Dockerfile — FastAPI service
FROM python:3.12-slim
WORKDIR /app
# Install dependencies first to leverage Docker layer caching
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```
```bash
# Login to ECR
aws ecr get-login-password --region ap-southeast-1 | \
  docker login --username AWS --password-stdin <account-id>.dkr.ecr.ap-southeast-1.amazonaws.com

# Build & tag
docker build -t slothub-backend ./backend
docker tag slothub-backend:latest <account-id>.dkr.ecr.ap-southeast-1.amazonaws.com/slothub-backend:latest

# Push
docker push <account-id>.dkr.ecr.ap-southeast-1.amazonaws.com/slothub-backend:latest
```
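The push above assumes the repository already exists. If it does not, each repository can be created once; the repository names here are assumptions matching the image tags used in this section:

```bash
# One-time setup: create an ECR repository per service
for repo in slothub-backend slothub-ai-service; do
  aws ecr create-repository \
    --repository-name "$repo" \
    --image-scanning-configuration scanOnPush=true \
    --region ap-southeast-1
done
```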
Fargate enables running containers without managing servers (serverless containers). Task Definition configuration for each service:
| Service | CPU (units) | Memory | Port |
|---|---|---|---|
| Backend (Spring Boot) | 512 (0.5 vCPU) | 1024 MB | 8080 |
| AI Service (FastAPI) | 256 (0.25 vCPU) | 512 MB | 8000 |
| Agent-Core (Slozy) | 256 (0.25 vCPU) | 512 MB | — |
Use right-sizing to optimize costs: start with a low configuration, monitor via CloudWatch, and scale up as needed. Fargate allows flexible CPU/Memory adjustments.
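As one concrete example, the backend row of the table translates into a Fargate task definition roughly like the following sketch (the IAM role ARN, log group, and container names are placeholders, not values from the original project):

```json
{
  "family": "slothub-backend",
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc",
  "cpu": "512",
  "memory": "1024",
  "executionRoleArn": "arn:aws:iam::<account-id>:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "slothub-backend",
      "image": "<account-id>.dkr.ecr.ap-southeast-1.amazonaws.com/slothub-backend:latest",
      "portMappings": [{ "containerPort": 8080, "protocol": "tcp" }],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/slothub-backend",
          "awslogs-region": "ap-southeast-1",
          "awslogs-stream-prefix": "backend"
        }
      }
    }
  ]
}
```

Saved as `task-def.json`, it can be registered with `aws ecs register-task-definition --cli-input-json file://task-def.json`.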
The ALB distributes traffic to Fargate tasks through target groups:
```
ALB Rules (evaluated in priority order — the more specific /api/v1/* must come first):
1. /api/v1/*  → Target Group: AI Service (Fargate, port 8000)
2. /api/*     → Target Group: Backend   (Fargate, port 8080)
3. /*         → Target Group: Frontend  (Amplify redirect)
```
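Rule priority matters here: an ALB evaluates rules in ascending priority order, so the more specific `/api/v1/*` pattern needs a lower priority number than `/api/*`, or backend requests will shadow it. A hedged CLI sketch (the listener and target-group ARNs are placeholders):

```bash
# The more specific /api/v1/* rule gets the lower priority number
aws elbv2 create-rule \
  --listener-arn <listener-arn> \
  --priority 10 \
  --conditions Field=path-pattern,Values='/api/v1/*' \
  --actions Type=forward,TargetGroupArn=<ai-service-tg-arn>

aws elbv2 create-rule \
  --listener-arn <listener-arn> \
  --priority 20 \
  --conditions Field=path-pattern,Values='/api/*' \
  --actions Type=forward,TargetGroupArn=<backend-tg-arn>
```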
The production database uses Amazon RDS instead of Docker Compose:
| Configuration | Value |
|---|---|
| Engine | PostgreSQL 15 |
| Instance | db.t3.micro (dev) / db.t3.medium (prod) |
| Storage | 20 GB (auto-scaling) |
| Multi-AZ | Enabled (Primary + Standby) |
| Backup | Automated, 7-day retention |
| Extension | pgvector (for RAG) |
```bash
# Enable the pgvector extension on RDS
psql -h your-rds-endpoint -d EDU_CARE -U postgres \
  -c "CREATE EXTENSION IF NOT EXISTS vector;"
```
Ensure the RDS PostgreSQL instance is placed in a private subnet and allow access only from Fargate tasks via security groups; never expose it to the public internet.
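That rule can be expressed as a security-group ingress that references the Fargate tasks' security group instead of any CIDR range, so only traffic from those tasks can reach the database (the group IDs are placeholders):

```bash
# Allow PostgreSQL (5432) only from the Fargate service's security group
aws ec2 authorize-security-group-ingress \
  --group-id <rds-sg-id> \
  --protocol tcp \
  --port 5432 \
  --source-group <fargate-sg-id>
```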
The React frontend is deployed via AWS Amplify with automatic CI/CD:
```yaml
# amplify.yml - Build configuration
version: 1
frontend:
  phases:
    preBuild:
      commands:
        - npm install
    build:
      commands:
        - npm run build
  artifacts:
    baseDirectory: dist
    files:
      - '**/*'
  cache:
    paths:
      - node_modules/**/*
```
An automated pipeline builds, tests, and deploys on code push:
```yaml
# .github/workflows/deploy.yml
name: Deploy to AWS

on:
  push:
    branches: [main]

jobs:
  deploy-backend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-southeast-1

      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build & Push Docker image
        env:
          # The login step exposes the registry URL as an output
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker build -t slothub-backend ./backend
          docker tag slothub-backend:latest $ECR_REGISTRY/slothub-backend:latest
          docker push $ECR_REGISTRY/slothub-backend:latest

      - name: Update ECS Service
        run: |
          aws ecs update-service \
            --cluster slothub-cluster \
            --service slothub-backend \
            --force-new-deployment
```
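Note that `update-service --force-new-deployment` returns immediately, before the new tasks are healthy. If the pipeline should fail when a rollout fails, a wait step can be appended to the workflow (a sketch, not part of the original pipeline):

```bash
# Block until the new deployment reaches a steady state;
# exits non-zero (failing the CI job) if tasks keep crashing
aws ecs wait services-stable \
  --cluster slothub-cluster \
  --services slothub-backend
```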
Key metrics to monitor in CloudWatch:

```
├── ECS/Fargate: CPU, Memory, Task count
├── ALB: Request count, Latency, Error rate
├── RDS: Connections, Read/Write IOPS, Free storage
└── Custom: API response time, AI generation time
```
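These metrics become actionable once alarms are attached to them. For example, a CPU alarm on the backend service could look like the following sketch (the threshold, periods, and SNS topic are assumptions, not values from the original setup):

```bash
# Alarm when backend CPU stays above 80% for two 5-minute periods
aws cloudwatch put-metric-alarm \
  --alarm-name slothub-backend-cpu-high \
  --namespace AWS/ECS \
  --metric-name CPUUtilization \
  --dimensions Name=ClusterName,Value=slothub-cluster Name=ServiceName,Value=slothub-backend \
  --statistic Average \
  --period 300 \
  --evaluation-periods 2 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --alarm-actions <sns-topic-arn>
```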
| Service | Role |
|---|---|
| Route 53 | DNS, domain routing |
| WAF | Web application protection |
| Amplify | React frontend hosting |
| ACM | SSL/TLS certificates |
| ALB | Load balancing |
| ECS/Fargate | Backend & AI container runtime |
| ECR | Docker image registry |
| RDS PostgreSQL | Production database (Multi-AZ) |
| S3 | Document storage |
| Bedrock AgentCore | Slozy AI agent |
| Cognito | User authentication |
| CloudWatch | Monitoring & logging |
| GuardDuty | Threat detection |
The entire AWS architecture is designed for deployment in the ap-southeast-1 (Singapore) region to minimize latency for users in Vietnam. Use Multi-AZ for RDS and spread Fargate tasks across multiple Availability Zones to ensure high availability.
Congratulations on completing the detailed Slothub workshop! Return to the Cleanup section if you need to release resources after practicing.